Korean

  • Blog

    US cracks down on North Korean IT worker army with more sanctions

    The U.S. Treasury Department has sanctioned a network of individuals and front companies linked to North Korea’s Ministry of National Defense that have generated revenue via illegal remote IT work schemes. “The DPRK continues to rely on its thousands of overseas IT workers to generate revenue for the regime, to finance its illegal weapons programs, and to enable its support…

  • Blog

    FBI links North Korean hackers to $308 million crypto heist

    The North Korean hacker group ‘TraderTraitor’ stole $308 million worth of cryptocurrency in the attack on the Japanese exchange DMM Bitcoin in May. In a short post, the FBI attributed the attack to the state-affiliated threat actor TraderTraitor, also tracked as Jade Sleet, UNC4899, and Slow Pisces. The crypto heist occurred in May 2024 and forced the platform to restrict account registration, cryptocurrency withdrawals, and trading…

  • Blog

    US offers $5 million for info on North Korean IT worker farms

    The U.S. State Department is offering a reward of up to $5 million for information that could help disrupt the activities of North Korean front companies and employees who generated over $88 million via illegal remote IT work schemes in six years. The two companies, Chinese-based Yanbian Silverstar and Volasys Silverstar from Russia, tricked businesses worldwide into employing North Korean staff…

  • Blog

    US charges 14 members of North Korean IT worker scam that bagged $88 million in six years

    More than a dozen North Korean nationals suspected of operating a social engineering scam posing as fake IT staff have been indicted in the US, after generating serious income for the DPRK. A federal court in St. Louis, Missouri formally charged 14 individuals with “long-running conspiracies to violate US sanctions and to commit wire fraud, money laundering, and identity theft”.…

  • Blog

    North Korean hackers use new macOS malware against crypto firms

    North Korean threat actor BlueNoroff has been targeting crypto-related businesses with a new multi-stage malware for macOS systems. Researchers are calling the campaign Hidden Risk and say that it lures victims with emails that share fake news about the latest activity in the cryptocurrency sector. The malware deployed in these attacks relies on a novel persistence mechanism on macOS that…

  • Blog

    Undercover North Korean IT workers now steal data, extort employers

    North Korean IT professionals who trick Western companies into hiring them are stealing data from the organization’s network and asking for a ransom to not leak it. Dispatching IT workers to seek employment at companies in wealthier nations is a tactic that North Korea has been using for years as a means to obtain privileged access for cyberattacks or to…

  • Blog

    North Korean hackers exploit Chrome zero-day to deploy rootkit

    North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit. “We assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain,” Microsoft said on Friday, attributing the attacks…

  • Blog

    South Korean hackers exploited WPS Office zero-day to deploy malware

    The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets. WPS Office is a productivity suite developed by the Chinese firm Kingsoft that is popular in Asia. Reportedly, it has over 500 million active users worldwide. The zero-day flaw, tracked…

  • Blog

    North Korean insider attacks are skyrocketing – dozens of US firms didn’t spot the hacker in their midst

    Over 100 organizations have been targeted by North Korean hackers posing as legitimate IT workers to steal money and exfiltrate sensitive information, new research reveals. The threat campaign, operated by a group tracked as FAMOUS CHOLLIMA, involves posing as a locally-based IT technician or software developer, using stolen identities and deepfake technology to pass background checks. In its 2024 Threat…

  • Blog

    US citizen charged with aiding North Korean hackers moonlighting as tech workers

    The US Department of Justice (DoJ) has charged a Nashville resident for helping North Korean hackers gain positions at US and UK tech companies. Matthew Isaac Knoot, 38, is accused of being responsible for the US-side of a campaign to get threat actors positions at prominent firms in a bid to steal information and extort ransoms. Knoot was charged on…
